View on GitHub

DNSViz: A DNS visualization tool

defcon.org

DNSSEC options (hide)
  1. |?|
  2. |?|
  3. |?|
  4. |?|
  5. |?|
  6. |?|
  7. |?|
Notices
DNSSEC Authentication Chain

RRset statusRRset status

DNSKEY/DS/NSEC statusDNSKEY/DS/NSEC status

Secure (7)
  • ./DNSKEY (alg 8, id 20326)
  • ./DNSKEY (alg 8, id 9799)
  • defcon.org/DS (alg 14, id 55751)
  • org/DNSKEY (alg 8, id 26974)
  • org/DNSKEY (alg 8, id 54255)
  • org/DNSKEY (alg 8, id 7986)
  • org/DS (alg 8, id 26974)
Non_existent (1)
  • defcon.org/DNSKEY (alg 14, id 55751)

Delegation statusDelegation status

Bogus (1)
  • org to defcon.org
Secure (1)
  • . to org

NoticesNotices

Errors (2)
  • defcon.org zone: There was an error resolving the following NS name(s) to address(es): dns-1.datamerica.com, dns-2.datamerica.com, dns-3.datamerica.com
  • org to defcon.org: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone.
Warnings (1)
  • defcon.org zone: No IPv4 addresses were found for NS records in the parent or child zone.

DNSKEY legend

Full legend
SEP bit setSEP bit set
Revoke bit setRevoke bit set
Trust anchorTrust anchor
Download: png | svg
Warning JavaScript is required to make the graph below interactive.
DNSSEC authentication graph